Skip to main content

Linux Kernel CVE-2026-43176

| EUVDEUVD-2026-27736 HIGH
2026-05-06 Linux GHSA-g589-97cx-27m9
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 08, 2026 - 13:33 vuln.today
CVSS changed
May 08, 2026 - 13:22 NVD
8.8 (HIGH)
Patch available
May 06, 2026 - 13:32 EUVD
CVE Published
May 06, 2026 - 11:27 nvd
HIGH 8.8

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

wifi: rtw89: pci: validate release report content before using for RTL8922DE

The commit 957eda596c76 ("wifi: rtw89: pci: validate sequence number of TX release report") does validation on existing chips, which somehow a release report of SKB becomes malformed. As no clear cause found, add rules ahead for RTL8922DE to avoid crash if it happens.

AnalysisAI

Improper validation in the rtw89 PCI WiFi driver allows adjacent network attackers to trigger kernel crashes via malformed TX release reports on RTL8922DE wireless chipsets. The vulnerability stems from insufficient content validation of release reports before use, which can cause kernel panics when malformed SKB (socket buffer) release reports are processed. EPSS score of 0.02% and absence from CISA KEV suggest limited real-world exploitation, though the 8.8 CVSS reflects the potential for complete system compromise via adjacent network access without authentication. Patches available across multiple stable kernel branches (6.18.16, 6.19.6, 7.0).

Technical ContextAI

The rtw89 driver manages Realtek 802.11ax (WiFi 6) wireless chipsets in the Linux kernel. This vulnerability affects the PCI interface layer specifically for the RTL8922DE chipset. TX release reports are kernel data structures used to track transmission completion and free socket buffers (SKBs). The commit 957eda596c76 added sequence number validation for existing chips after observing malformed release reports, but RTL8922DE lacked equivalent safeguards. When the driver processes a corrupted release report without validation, it can dereference invalid memory addresses or corrupt kernel data structures, leading to kernel panics or potentially exploitable memory corruption. The fix adds preemptive validation rules to verify release report content integrity before processing.

RemediationAI

Upgrade to patched Linux kernel versions: 7.0 or later (mainline), 6.19.6 or later (6.19.x stable branch), or 6.18.16 or later (6.18.x stable branch). Patches available at https://git.kernel.org/stable/c/5f93d611b33a05bd03d6843c8efe8cb6a1992620 (mainline), https://git.kernel.org/stable/c/3e8a88b5e8b3506d9c5e031a65ba65ce9a0683a3 (6.19.x), and https://git.kernel.org/stable/c/ebeaa3b24ba568ff8505165f954dba15cc53e4b3 (6.18.x). For systems unable to patch immediately, compensating controls include: disable the rtw89 kernel module if RTL8922DE hardware is not required (modprobe blacklist, may break WiFi functionality); restrict access to adjacent network segments through network segmentation and WiFi isolation features (reduces attacker reach but does not eliminate risk from legitimate adjacent users); implement 802.1X port-based network access control to limit adjacent access to authenticated devices (adds authentication layer but allows exploitation post-authentication). Note that disabling the driver eliminates WiFi functionality on affected hardware; network controls reduce but do not eliminate adjacent attack surface.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43176 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy